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DETAILED ACTION 

1 . This action is responsive to the application filed on September 26, 2003. Claims 1-35 are 
pending. Claims 1-35 represent System and method for identifying a network resource. 

2. Claim Objections 

The application includes improper numbering of claims. There are two claim 20's. 
Examiner will construe the second claim 20 as claim 36. Appropriate correction required. 

Claim 1 is objected to because of the following informalities: The second paragraph 
following the preamble ends with incorrect punctuation. The word "using" is followed by a 
period versus a semi-colon. Appropriate correction is required. 

Claim 21 is objected to because it recites the same exact limitations of claim 36. 
Appropriate correction is required. 



Claim Rejections - 35 USC 112 2 nd paragraph 

3. Claims 14, 15, and 18 rejected under 35 U.S.C. 112, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject matter which 
applicant regards as the invention. 
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As per claim 14, the claim is drawn towards a method wherein the identifying 
information corresponds to illegal copies of files. The limitation "illegal" is indefinite, as what is 
legal or illegal is interpretive. Examiner will construe the limitation "illegal" copies of files to 
mean copies of files intended to be blocked based upon specific criteria (for example, blocking 
based on specified ip addresses). 

As per claim 15, the claim is drawn towards a method wherein the identifying 
information corresponds to prohibited resources. The limitation "prohibited resources" is 
indefinite as a resource that is "prohibited" is interpretive. Examiner will construe the limitation 
"prohibited" resources as those resources matching identifying information intended to be 
blocked for transmission. 

As per claim 18, the method wherein the identifying information corresponds to 
suspicious files and wherein a client requesting a file whose identifying information matches an 
identifying information stored in the database is presented a warning. The limitation "suspicious 
files" is interpretive. Examiner will construe "suspicious" files to mean those files matching 
identifying information intended to be blocked for transmission and furthermore flagged in a 
database as a warning. 

Claim Rejections - 35 USC § 102 

4. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 
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(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

5. Claims 1-5, 9, 12, 16-17, 23-27 are rejected under 35 U.S.C. 102(b) as being 
unpatentable in view of Sarkissian et al. (U.S. Patent No. 67891 16 Bl, hereinafter Sarkissian). 

As per claim 1, Sarkissian et al. teaches in an information handling system for 
identifying network resources comprising packets of data received from a network, a method 
comprising: 

receiving a network resource comprising one or more packets, each packet comprising a header 
and data portion (col. 6, lines 52-56) 

parsing the bytes of the one or more packets according to the specific application-level protocol 
to extract identifying information relating to a specific resource requested (col.8, lines 30-36 and 
lines 64-67); 

comparing the extracted information to a list (data store of records) of identifying information 
stored in a real-time database, (col. 10, lines 38-46, where the comparison is the look up 
process seen in Figure 3, item 314) ; and 

providing a message indicating that the extracted information matches at least one entry in the 
real-time database when the comparison is positive (where the message provided is the final 
decision of the system after determining the presence of a flow-entry matching a flow in the 
database of known flows, see Figure 3, item 324. Upon the final recognition state, there is 
an indication that no more packets are to be examined col. 12, lines 65-67 and col. 13, lines 
1-6). 
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As per claims 2, the method wherein the receiving step comprises receiving a plurality of 
packets according to the Transmission Control Protocol (col. 27, lines 66-67) 

As per claim 3, the method wherein the receiving step comprises receiving a plurality of 
packets according to the User Datagram Protocol (col 28. lines 1-4). 

As per claim 4, the method wherein the one or more packets use the hypertext transfer 
protocol, the scanning step comprises extracting a destination domain name or IP address from a 
hypertext transfer protocol packet stream and the comparing step comprises comparing the 
address extracted with addresses stored in the database (col. 10, lines 5-15). 

As per claim 5, the method wherein the one or more packets follow the hypertext 
transfer protocol and the scanning step further comprises extracting the port, path, and name of 
the web resource from a hypertext transfer protocol packet stream (col. 2, lines 56-67). 

As per claim 9, the method wherein, the scanning step comprises extracting a filename 
and path received from a file transfer protocol packet stream (col. 1, lines 51-62, where the 
filename and path received is inherently part of the parser and extraction process disclosed 
by Sarkissian, used to generate the identifying signature (identifying information) key.) 

As per claim 12, the method further comprising providing a message announcing a 
match upon identifying the match (col. 25, lines 57-67). 

As per claim 16, the method wherein the scanning step comprises extracting an IP address (IP 
datagrams) from at least one packet and the comparing step comprises comparing the IP address 
(IP datagrams) with a set of IP addresses stored in the database (See col. 5, lines 40-50, where 
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the scanning and comparing step of claim 16 is substantially the same as claim 1 with the 
additional limitation of extracting and comparing an IP address, thus IP datagrams 
includes packets embodied as IP addresses. Refer to 
http://www.answers.com/topic/datagram .) 

As per claim 17, the method wherein the identifying information comprises a hash code 
(col. 10, lines 15-20) 

As per claim 23, the method wherein the scanning step further evaluates additional 
headers and the data portion of the hypertext transfer protocol, such as web forms on an html 
page, based on the address (col. 8, lines 64-67). 

As per claim 24, a system comprising 

a network interface (parser interface) for receiving data packets from a network (col. 24, lines 
8-11); 

a processor (Figure 11, item 1108) for extracting identifying information from the data packets 
and for comparing the extracted identifying information with the identified information stored in 
a database (figure 11, item 1 109) (col.); 

and an output (server announcement) for providing a message stating when a match has been 
found (col. 25, lines 57-67, Figure 5, item 508). 

As per claim 25 the system further comprising a memory (Figure 11, item 1115) for 
storing the identified information to be compared with the information extracted from the 
received packets (col. 24, lines 12-19). 
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As per claim 26, claim 26 is substantially the same as the system of claim 24 and thus is 
rejected for reasons similar to those in claim 24. Furthermore the limitation of a network 
gateway device (Figure 15, item 1502, where the network gateway device is the packet 
acquisition device.) 

As per claim 27 the local area network further comprising the database (database of 
flows, Figure 15, item 324) 



Claim Rejections - 35 USC § 103 

6. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

7. Claims 6-8 are rejected under 35 U.S.C. 103 (a) as being unpatentable in view of 
Sarkissian et. al and further in view of Traversat et al. (US Patent No. 7065579 B2, hereinafter 
Traversat). 

As per claim 6,Sarkissian discloses the invention substantially as claimed. However 
Sarkissian does not explicitly disclose the method wherein the scanning step comprises 
extracting a hash code from a received peer to peer protocol packet stream. However, Traversat 
teaches the method wherein the scanning step comprises extracting a hash code from a received 
peer to peer protocol packet stream (col. 32, lines 1-16). 
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It would have been obvious to one of ordinary skill in the art at the time of the invention 
to combine Sarkissian in view of Traversat to provide the method of a network system to the 
method of scanning step comprising extracting a hash code from a received peer to peer protocol 
packet stream. One would be motivated to do so to allow additional means to provide "uniquely 
identifying content within a peer group." (col. 32, lines 10-15). 

As per claim 7, Sarkissian-Traversat discloses the method wherein the scanning step 
comprises extracting additional information needed to identify a specific program from a peer to 
peer protocol packet stream (col. 28, lines 47-55). The same motivation utilized in claim 6, 
applies equally as well to claim 7. 

As per claim 8, Sarkissian-Traversat discloses the method wherein, the scanning step 
comprises extracting a user agent name (group name), additional HTTP extension headers (peer 
group identifiers), or other information (etc.) needed to identify a specific program from a peer 
to peer protocol packet stream (col. 28, lines 24-55)). The same motivation utilized in claim 6, 
applies equally as well to claim 8. 

8. Claims 10, 14, 15, 18, 19, and 22 are rejected under 35 U.S.C. 103 (a) as being 
unpatentable in view of Sarkissian and further in view of Shetty (US Patent No. 6772345 Bl) 

As per claims 10, Sarkissian discloses the invention substantially as claimed. However 
Sarkissian does not teach the method wherein the scanning step further comprises detecting a 
transmission control protocol connection to an external simple mail transfer protocol server, and 
limiting access to the external simple mail transfer protocol server. 
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However, Shetty teaches the method wherein the scanning step further comprises 
detecting a transmission control protocol connection (col. 5, lines 15-20) to an external simple 
mail transfer protocol server, and limiting access to the external simple mail transfer protocol 
server (col. 2, lines 30-35) and 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to combine Sarkissian in view of Shetty to provide the method of a network system to an 
external simple mail transfer protocol server, and limiting access to the external simple mail 
transfer protocol server and the comparing step upon identifying a match further comprises 
limiting access by clients to external simple mail transfer protocol servers. One would be 
motivated to do so to allow additional means to increase access regulation (including regulation 
of packets according to specific protocols, addresses, URL's, websites or ports) (Abstract). 

As per claim 19, Sarkissian-Shetty teaches the method wherein the comparing step upon 
identifying a match further comprises limiting access by clients to external simple mail transfer 
protocol servers (col. 1, lines 55-65 and col. 2, line 20-35). The same motivation utilized in 
claim 10, applies equally as well to claim 19. 

As per claim 22, Sarkissian-Shetty teaches the method wherein the receiving step 
comprises receiving a plurality of packets according to the Simple Mail Transfer Protocol (col. 3, 
lines 30-35) and (col.5, lines 40-45). The same motivation utilized in claim 10 applies equally 
as well to claim 22. 

As per claim 14, Sarkissian-Shetty teaches the method wherein the identifying 
information corresponds to illegal copies of files (spam, col.3, lines 65-67). The same 
motivation utilized in claim 10 applies equally as well to claim 14. 
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As per claim 15, Sarkissian-Shetty teaches the method wherein the identifying 
information corresponds to prohibited resources (col. 4, lines 1-10, where prohibited resources 
include blocked ports or URL's). The same motivation utilized in claim 10, applies equally as 
well to claim 15. 

As per claim 18 Sarkissian-Shetty teaches the method wherein the identifying 
information corresponds to suspicious files (malwares) and wherein client requesting a file 
whose identifying information stored in the database is presented a warning (col. 4, lines 25-31). 

9. Claim 11 is rejected under 35 U.S.C. 103(a) as being unpatentable in view of Sarkissian 
et al and further in view of Fellenstein et al. (US Patent No. 7032007 B2, hereinafter 
Fellenstein) 

As per claim 11, Sarkissian discloses the invention substantially as claimed except, the 
method further comprising logging all instant message communication. 

However, Fellenstein teaches the method further comprising logging all instant message 
communication (col. 6, lines 5-12). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to combine Sarkissian in view of Fellenstein to provide the method of a network system to the 
method of logging all instant message communication. One would be motivated to do so to allow 
additional means to "look-up source user identification." Furthermore, logging instant message 
communication allows the scanning, parsing, and comparing of more identifying information 
about the receiving packets (Abstract). 
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10. Claims 13, and 21 are rejected under 35 U.S.C. 103(a) as being unpatentable in view of 
Sarkissian et al. and further in view of Strentzsch et al. (US Patent No. 6256671 Bl, hereinafter 
Strentzsch). 

As per claim 13, Sarkissian discloses the invention substantially as claimed, except the 
method wherein, the comparing step, upon identifying a match, further comprises blocking the 
user from accessing the resource corresponding to the matching identifying information 

However Strentzsch teaches the method wherein, the comparing step, upon identifying a 
match, further comprises blocking the user from accessing the resource corresponding to the 
matching identifying information (Abstract). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to combine Sarkissian in view of Strentzsch to provide the method of a network system to the 
method further comprising blocking the user from accessing the resource corresponding to the 
matching identifying information. One would be motivated to do so to allow a "beneficial way to 
provide a more secure way to control access" on the network (col. 1, lines 45-48). 

As per claim 21, Sarkissian discloses the invention substantially as claimed except, the 
method wherein the blocking step is accomplished by ending client/server communication for a 
response that contains the matching identifying information. 

However Strentzsch teaches the method wherein the blocking step is accomplished by 
ending client/server communication for a response that contains the matching identifying 
information (col. 9, lines 42-53). 
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It would have been obvious to one of ordinary skill in the art at the time of the invention 
to combine Sarkissian in view of Strentzsch to provide the method of a network system to the 
method wherein the blocking step is accomplished by ending client/server communication for a 
response that contains the matching identifying information. One would be motivated to do so to 
allow a more efficient means of blocking, indicating a match. Furthermore, to allow access to be 
"denied based on a restriction identifying [for example, a host name or a particular IP address] 
(col. 9, lines 42-53). 

1 1 . Claims 20 and 28-34 are rejected under 35 U.S.C. 103(a) as being unpatentable in view 
of Sarkissian et al. and further in view of Patterson et al. (US Patent No. 7093005 B2, 
hereinafter Patterson). 

As per claim 20, Sarkissian teaches all the limitations of claim 20 except the method 
further comprising using identifying information found by a central server farm comprising 
specialized search engines and a human staff to populate the database. 

However, Patterson teaches the method further comprising using identifying information 
found by a central server farm comprising specialized search engines (search box) and a human 
staff (user) to populate the database (Abstract). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to combine Sarkissian in view of Patterson to provide the network system of Sarkissian to the 
method further comprising using identifying information found by a central server farm 
comprising specialized search engines and a human staff to populate the database. One would be 
motivated to do so to allow identifying information to be gathered from additional locations such 
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as multiple servers within a server farm with the assistance of a human user. Furthermore, server 
farms function as "data centers" .. .that are "configured and brought on-line to carry out useful 
work virtually instantaneously" (col. 1, lines 42-45). 

As per claims 28-35, Sarkissian discloses the invention substantially as claimed except, 
the local area network further comprising 

a router disposed between the network gateway device and a firewall connecting the local 
area network to a wide area network 

a load balancer disposed between the router and a firewall; 

a network gateway device disposed between a router and a load ; 

a load balancer disposed between the network gateway device and a firewall connecting 
the local area network to a wide area network ; 

a router containing the network gateway device; 

a firewall disposed between the router containing the network gateway device and the 
wide area network; 

a firewall containing the network gateway device; 

However, Patterson teaches 

a router disposed between the network gateway device (default gateway) and a firewall 
connecting the local area network to a wide area network (col. 6, lines 10-21, See Figure 7). 



Application/Control Number: 10/672,910 Page 14 

Art Unit: 2144 

a load balancer disposed between the router (where the load balancer is also a routing 
device) and a firewall (col. 6, lines 10-21); 

a network gateway device disposed between a router and a load balancer (default 
gateway) 

a load balancer disposed between the network gateway device and a firewall connecting 
the local area network to a wide area network (col. 6, lines 10-21); 

a router (col. 6, lines 10-21) containing the network gateway device; 

a firewall disposed between the router containing the network gateway device and the 
wide area network (col. 6, lines 10-21); 

a firewall containing the network gateway device (col. 6, lines 10-21); 

It would have been obvious to one of ordinary skill in the art at the time of the invention to 
combine Sarkissian in view of Patterson to provide the network system of Sarkissian to the local 
area network of Patterson. One would be motivated to do so to allow optimal use of computing 
resources through the load balancer, to allow or block traffic in the network system by means of 
the firewall, and to utilize a network gateway device to route traffic based on definition known to 
one of ordinary skill in the art. 

As per claim 36, claim 36 is substantially the same as claim 21 and thus rejected for the 
same reasons as claim 21 . 
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Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Joiya Cloud whose telephone number is 571-270-1 146. The 
examiner can normally be reached Monday to Friday from on 7:30am-5:00pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, William Vaughn can be reached on 571-272-3922. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-3922. Information 
regarding the status of an application may be obtained from the Patent Application Information 
Retrieval (PAIR) system. Status information for published applications may be obtained from 
either Private PAIR or Public PAIR. Status information for unpublished applications is available 
through Private PAIR only. For more information about the PAIR system, see http://pair- 
direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the 
Electronic Business Center (EBC) at 866-217-9197 (toll-free). 



JMC 

William J. Vaughn 
Supervisory Patent Examiner 



October 30, 2006 



